libaudit = dependency('audit',
required : get_option('audit'))
conf.set10('HAVE_AUDIT', libaudit.found())
+libaudit_cflags = libaudit.partial_dependency(includes: true, compile_args: true)
libblkid = dependency('blkid',
required : get_option('blkid'))
}
msg = strjoina("unit=", p);
- if (audit_log_user_comm_message(audit_fd, type, msg, "systemd", NULL, NULL, NULL, success) < 0) {
+ if (sym_audit_log_user_comm_message(audit_fd, type, msg, "systemd", NULL, NULL, NULL, success) < 0) {
if (ERRNO_IS_PRIVILEGE(errno)) {
/* We aren't allowed to send audit messages? Then let's not retry again. */
log_debug_errno(errno, "Failed to send audit message, closing audit socket: %m");
implicit_include_directories : false,
c_args : ['-fvisibility=default'],
dependencies : [libacl,
- libaudit,
+ libaudit_cflags,
libblkid,
libdl,
libm,
if (r >= 0) {
if (type == SELINUX_AVC)
- audit_log_user_avc_message(fd, AUDIT_USER_AVC, buf, NULL, NULL, NULL, getuid());
+ sym_audit_log_user_avc_message(fd, AUDIT_USER_AVC, buf, NULL, NULL, NULL, getuid());
else if (type == SELINUX_ERROR)
- audit_log_user_avc_message(fd, AUDIT_USER_SELINUX_ERR, buf, NULL, NULL, NULL, getuid());
+ sym_audit_log_user_avc_message(fd, AUDIT_USER_SELINUX_ERR, buf, NULL, NULL, NULL, getuid());
return 0;
}
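Review bot: The return value of `sym_audit_log_user_avc_message()` is discarded in both branches and the block then returns 0, so an SELinux AVC or error record that fails to reach the audit socket is dropped without any trace. The `sym_audit_log_user_comm_message()` call sites in this change check the result and log `errno`, so the same pattern fits here, e.g. `if (sym_audit_log_user_avc_message(fd, AUDIT_USER_AVC, buf, NULL, NULL, NULL, getuid()) < 0) log_debug_errno(errno, "Failed to send SELinux audit message, ignoring: %m");`. If ignoring the result is deliberate, a one-line comment saying so would help. The enclosing function starts and ends outside the hunk, so it is not visible whether a fallback log path follows this block.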
#include "log.h"
#include "socket-util.h"
+#if HAVE_AUDIT
+static void *libaudit_dl = NULL;
+
+static DLSYM_PROTOTYPE(audit_close) = NULL;
+DLSYM_PROTOTYPE(audit_log_acct_message) = NULL;
+DLSYM_PROTOTYPE(audit_log_user_avc_message) = NULL;
+DLSYM_PROTOTYPE(audit_log_user_comm_message) = NULL;
+static DLSYM_PROTOTYPE(audit_open) = NULL;
+
+int dlopen_libaudit(void) {
+ ELF_NOTE_DLOPEN("libaudit",
+ "Support for Audit loggging",
+ ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED,
+ "libaudit.so.1");
+
+ return dlopen_many_sym_or_warn(
+ &libaudit_dl,
+ "libaudit.so.1",
+ LOG_DEBUG,
+ DLSYM_ARG(audit_close),
+ DLSYM_ARG(audit_log_acct_message),
+ DLSYM_ARG(audit_log_user_avc_message),
+ DLSYM_ARG(audit_log_user_comm_message),
+ DLSYM_ARG(audit_open));
+}
+#endif
+
static int try_audit_request(int fd) {
struct iovec iov;
struct msghdr mh;
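Review bot: The description string passed to `ELF_NOTE_DLOPEN` is misspelled as `"Support for Audit loggging"`. That text presumably ends up in the binary's dlopen note metadata, so it should read `"Support for Audit logging"`. `dlopen_libaudit()` would also benefit from a short header comment covering three things: it returns a negative value on failure, it passes `LOG_DEBUG` to the loader helper so a missing library is reported at debug level only, and the `sym_audit_*` pointers stay NULL until it has succeeded.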
if (cached_use >= 0)
return cached_use;
+ if (dlopen_libaudit() < 0)
+ return (cached_use = false);
+
_cleanup_close_ int fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_AUDIT);
if (fd < 0) {
cached_use = !ERRNO_IS_PRIVILEGE(errno) && !ERRNO_IS_NOT_SUPPORTED(errno);
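Review bot: The new `dlopen_libaudit()` call in `use_audit()` has no `#if HAVE_AUDIT` around it in this hunk, yet the function is declared (header hunk) and defined (earlier hunk) only under `HAVE_AUDIT`. `use_audit()` itself is declared after the header's `#endif`, so unless a guard sits outside this hunk, a build with audit support disabled would fail on an undeclared function. Either wrap the check as `#if HAVE_AUDIT` / `if (dlopen_libaudit() < 0) return (cached_use = false);` / `#endif`, or provide a stub for the disabled case. The load failure is also stored in `cached_use`, so it is not retried for the rest of the process; a comment stating that this is intended would help. The body of `use_audit()` starts and ends outside the hunk.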
int close_audit_fd(int fd) {
#if HAVE_AUDIT
if (fd >= 0)
- audit_close(fd);
+ sym_audit_close(fd);
#else
assert(fd < 0);
#endif
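Review bot: `sym_audit_close` is NULL until `dlopen_libaudit()` has succeeded, and the only guard before the call is `fd >= 0`. That holds for descriptors returned by `open_audit_fd_or_warn()`, which loads the library before opening, but this helper accepts any descriptor. State the invariant with `assert(sym_audit_close);` before the call, or with a comment such as `/* fd must come from open_audit_fd_or_warn(), which guarantees libaudit is loaded */`. The same assumption applies to the `sym_audit_log_*` call sites in the other hunks, whose descriptor origin is not visible there. The function continues outside the hunk.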
int open_audit_fd_or_warn(void) {
#if HAVE_AUDIT
+ int r;
+
+ r = dlopen_libaudit();
+ if (r < 0)
+ return r;
+
/* If the kernel lacks netlink or audit support, don't worry about it. */
- int fd = audit_open();
+ int fd = sym_audit_open();
if (fd < 0)
return log_full_errno(ERRNO_IS_NOT_SUPPORTED(errno) ? LOG_DEBUG : LOG_WARNING,
errno, "Failed to connect to audit log, ignoring: %m");
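Review bot: The new early return makes the `_or_warn` name inaccurate when the library is missing: `dlopen_libaudit()` passes `LOG_DEBUG` to its loader helper, so if `libaudit.so.1` is absent this function fails with nothing above debug level. Callers then stop emitting audit records without any visible message. If the silence is intended, say so with a comment such as `/* A missing libaudit.so.1 is treated like missing kernel audit support: debug-level message only. */`. Otherwise log here, e.g. `return log_warning_errno(r, "Failed to load libaudit, audit records will not be sent: %m");`. As a style point, `int r = dlopen_libaudit();` would match the declare-at-first-use form of `int fd = sym_audit_open();` just below.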
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once
+#include "forward.h"
+
#if HAVE_AUDIT
# include <libaudit.h> /* IWYU pragma: export */
-#endif
-#include "forward.h"
+# include "dlfcn-util.h"
+
+extern DLSYM_PROTOTYPE(audit_log_acct_message);
+extern DLSYM_PROTOTYPE(audit_log_user_avc_message);
+extern DLSYM_PROTOTYPE(audit_log_user_comm_message);
+
+int dlopen_libaudit(void);
+#endif
bool use_audit(void);
libshared_deps = [threads,
libacl,
- libaudit,
+ libaudit_cflags,
libblkid,
libcap,
libcrypt,
'name' : 'systemd-sysusers',
'public' : true,
'sources' : files('sysusers.c'),
- 'dependencies' : libaudit,
+ 'dependencies' : libaudit_cflags,
},
executable_template + {
'name' : 'systemd-sysusers.standalone',
libshared_static,
libsystemd_static,
],
- 'dependencies' : libaudit,
+ 'dependencies' : libaudit_cflags,
},
]
*/
ORDERED_HASHMAP_FOREACH(i, what == ADD_USER ? c->todo_uids : c->todo_gids)
- audit_log_acct_message(
+ sym_audit_log_acct_message(
c->audit_fd,
type,
program_invocation_short_name,
#include "gcrypt-util.h"
#include "idn-util.h"
#include "libarchive-util.h"
+#include "libaudit-util.h"
#include "libfido2-util.h"
#include "main-func.h"
#include "module-util.h"
ASSERT_DLOPEN(dlopen_gcrypt, HAVE_GCRYPT);
ASSERT_DLOPEN(dlopen_libkmod, HAVE_KMOD);
ASSERT_DLOPEN(dlopen_libapparmor, HAVE_APPARMOR);
+ ASSERT_DLOPEN(dlopen_libaudit, HAVE_AUDIT);
return 0;
}
'name' : 'systemd-update-utmp',
'conditions' : ['ENABLE_UTMP'],
'sources' : files('update-utmp.c'),
- 'dependencies' : libaudit,
+ 'dependencies' : libaudit_cflags,
},
]
#if HAVE_AUDIT
if (c->audit_fd >= 0)
- if (audit_log_user_comm_message(c->audit_fd, AUDIT_SYSTEM_BOOT, "", "systemd-update-utmp", NULL, NULL, NULL, 1) < 0 &&
+ if (sym_audit_log_user_comm_message(c->audit_fd, AUDIT_SYSTEM_BOOT, "", "systemd-update-utmp", NULL, NULL, NULL, 1) < 0 &&
errno != EPERM)
q = log_error_errno(errno, "Failed to send audit message: %m");
#endif
Context *c = ASSERT_PTR(userdata);
if (c->audit_fd >= 0)
- if (audit_log_user_comm_message(c->audit_fd, AUDIT_SYSTEM_SHUTDOWN, "", "systemd-update-utmp", NULL, NULL, NULL, 1) < 0 &&
+ if (sym_audit_log_user_comm_message(c->audit_fd, AUDIT_SYSTEM_SHUTDOWN, "", "systemd-update-utmp", NULL, NULL, NULL, 1) < 0 &&
errno != EPERM)
q = log_error_errno(errno, "Failed to send audit message: %m");
#endif